At the 2008 CanSecWest, the digital security conference, the MacBook Air was no match for the winner of the PWN 2 OWN hacking competition. Tthe MacBook Air was hacked in less time than it takes most people to nuke a lunch in the microwave. Now, that’s fast.

The winner of the PWN 2 OWN was well-known iPhone hacker Charlie Miller. He seemed to have no trouble steering the Safari browser to a website that contained a coded exploit, which allowed him to take over the MacBook Air in just 2 minutes. That’s right, just 2 minutes. For his efforts, Miller takes home US$10,000 for his ethical hacking.

How did he do it? Well, Mr. Miller isn’t talking, as he has signed a nondisclosure agreement; and sponsors of the PWN 2 OWN competition, TippingPoint, now own the details of the vulnerability, so the company can contact the vendors.

Reader Comments

Well, it's finally starting to happen. Hackers are starting to turn towards the Mac OS. That's what you get for being cocky…

lmfao

I have to say i am a little disappointed in the lack of mac fan spin on this.

DivingDancer

Yeah, the Mac crowd is strangely silent when they are on the losing end, aren't they? I've noticed that over the years.

Seriously, I'd love to see the Mac vs PC commercial based on this. But I know that I never will. Because Apple refuses to admit that any OS is vulnerable if somebody is really intent on getting into it. And they stick their heads in the sand and pretend that their arrogance over the years hasn't led to the current situation, where there are many, many open and exploitable vulnerabilities in the OS, but until recently nobody has bothered to attack them.

Now sales of Macs are up a little bit, and their turn is coming. I hope they are ready for a rocky few years while they face the inevitible learning curve. If nothing else comes from it, I hope they at least lose some of the arrogance and rejoin the human race.

lonegunmen

From the original article:

"Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages."

"Apparently Mr. Miller visited a website which contained his exploit code (presumably via a crossover cable connected to a nearby MacBook), which then "allowed him to seize control of the computer"

So if the user just had to visit a special crafted webpage to get owned, then why did they have to use a crossover cable to another Mac and then visit a webpage? Couldn't the hacker just tell the user to visit his special webpage over the regular network connection? It would seem that this hack requires not only a special crafted webpage to load in Safari but also the hacker has to have physical access to the machine in order to hook up a second Mac via crossover cable. More info. on this hack would be great. So it really took a whole day plus 2 minutes the following day plus physically connecting a crossover cable to link it to another Mac plus a special crafted webpage stored on the second Mac? in order to pwned the Mac. If this is truely the case, then Mac users have nothing to worry about unless they notice some stranger physically connecting a crossover cable to their computer.

asdfasdfasd

<span class=”author”>lonegunmen – You must be a Mac fan…</span>

<span class=”author”>Do you understand that the contest is a three day affair, day one just networking nothing more, day two internet/email, day three thrid party apps. </span>

<span class=”author”>The corss over cable idea is from what? The network cable going to the router in beyond the far computer? </span>

<span class=”author”>This is where you Mac boys need help the attacker would not have to be connected to the computer directly. Simply put the computer visits a comprimised website. The malicious code is implemented allowing the code writer to exploit the flaw now on the computer. This can be done via a network or other forms of a network (cross over cable (two computer network NO ROUTER), router, or INTERNET)</span>

<span class=”author”>Man what an idea. I just dont see the cross over cable because if you look at the competition three computers are allowed to be attacked by all contestants at the SAMETIME. This would me a larger network then a single cross over cable to only one of the allowed target computers.</span>

DivingDancer

Lonegunman is a typical Mac user. He has no understanding of computer technology.

Let me spell it out: whether it is a cross over cable, or a straight through cable to a router and out to the Internet, the point is that the Mac was directed to a web page that contained exploit code. The computer could be a local webserver on the other end of a crossover, or it could be a server out in the cloud. They are equivalent.

Lesson over.

joeinazusa

Primary box is Linux, but I use the Mac for certain task.

With that said, I never use Safari because of the know security issues. Hopefully Mac can get his fixed.

Now to the Unix/Linux/Windows Debate… God this is going to get flamed.

Access was propably user level, not Administrator(root) but there are only a few details so I am not sure. THe hacker would still need a password to get something installed into the core system.

IMHO, I think Macs OS proprammers are over tasked. Like 10.5 being rushed to market (yep I said it.. Broken X and other issues they knew were broken when it was releaded, X broken is not a small bug), IPhone taking resources, etc…

No system is 100% secure. Not a Mac Fanboy but I do like it better than Windows.

Gary54

” Tthe MacBook Air was hacked in less time than it takes most people to nuke a lunch in the microwave. “

Wrong.

As the story comes out, Miller and a team of people (unspecified number) spent a week cooking this up in advance, creating a special website for the purpose. All they did at the contest was to simply give a url to the user client computer who went to the page to execute the exploit. Gee.

It took a week to break in. It took two minutes to execute a pre prepared hack. How long does it take for any computer to get hacked when the hack is already done and set, and all the client machine has to do is spring the trap?

Two minutes? Makes for a cute headline and food for commentary.

Could any one of the participants also prepared something in advance against any of the three OS’s? Yes. Did they? Who knows.

asdfasdfasd

Gary54 –

I don't see your logic. Look of course hackers take lots of time to find an eploit and they take time to figure out an attack route. But the fact is it took LESS THAN 2 MINUTES to use that exploit. Look this hits the wild and tons of Mac users would be at risk. Simply inject the bug code into widely used websites (a lot less complicated then you think) and see who you can get to go there.

So by your logic the time it takes to get into a windows machine is what meaningless since that hacker took months to find and execute the flaw to maximize effectiveness?

So this logic should also be good for you MacUsers = Sheep

Gary54

@ asdfasdfasd

Baloney

The two minute figure would have been equally fallacious applied to windows or linux.

In prior years contests, there was no advance time given. The problem was “how long would it take to break into computer os 1, 2 or 3?”

I set two computers in front of you and say “go”. How long will it take for you to break into computer b from computer a.

In this case, it took a week.

“I spend a week setting up a deer stand, after examining the terrain, the habits of the local herd and baiting the area that gives me the best shot” “I use all my deer hunting training, background and skills to position and equip the stand so I get the best shot” “The deer walk into the open, two minutes later, getting the best angle on the prize buck, I pull the trigger”

Boy oh boy! It only took 2 minutes to bag that 12 point buck!

Bullshit.

This whole thing is not about computer security, its about attention and about making windows users feel better. Sheep?
Just what this contest is about .. it gives an opportunity for windows users that deal with thousands of virus and spyware daily to guffaw the mac is no better when there are still only a handful of mac exploits. This has not one thing to do with security. It has to do with press, attention getting and the IT folks who need to justify their jobs.

Being a “sheep” means doing what everyone else does.

Like: Being one of the 90%.

lmfao

gary54… just because you're part of a smaller herd does not mean you are not a sheep.

fact is the first machine that went down was a mac despite all the security advances that Apple is so big on boasting about.

By what you are saying, the guy that took down the mac knew about OS/X, studied it for years… got prepared for the hacking contest. but when Windows was introduced into the mix, everyone was totally clueless as to the existance of this OS? nobody had enough time to prepare to hack the swiss cheese code of an OS that is windows??

the second machine that did go down was vista and it went down with a cross platform hack that no one even cared enough to try on the linux box.

have you been eating straight out of steve's hand lately?

Gary54

Pulling faded and yellowing MSCE & A+ certificates out of the drawer and snickers.

Hardly.

I have been listening to this baloney for 14 years, happily enjoying using my computer for productive things like design, while the idiot (read: sheep) windoze heads spend half the day fixing theirs and the other half dealing with virus that I don’t even have to think about it. Except for meaningless stunts like this.

Funny about that.

Laughs on you all bud

lmfao

Gary… You're right… no one had prior knowledge of windows before this contest started. No one could have possibly prepared to hack the Fresh new OS that microsoft just put out on the shelf the day the contest started.

"while the idiot (read: sheep) windoze heads spend half the day fixing theirs and the other half dealing with virus that I don't even have to think about it." Well over 90% of the business world use WINDOZE based computers… if all these people are spending 100% of their time fixing their PCs and dealing with virus'… how is any work ever accomplished? How did we become to be a multi-billion dollar company?

Anyways, there's no point in arguing with an apple elitist. everything you do is right, if somebody says otherwise… they're obviously wrong and disillusioned. ANYWAYS… I have to go back to fixing my computer and dealing with virus'…. it's where we make billions.

hodar

As for the 2 minute 'crack'. Sorry, that's pure BS. I can spend years preparing a nasty bit of software. If it takes a second to infect you, that in no way means that I bypassed your security in a second. I think the deer hunting analogy is appropriate. Spend a 'week' (and I sincerely doubt the 'week' is an accurate amount of time spent in preparation) setting up a payload and website, then testing it to make sure that it works, then simply repeating the process at the convention; does not mean that you cracked the MacBook in less than 2 minutes.

Sure, from the perspective of the show, it took less than 2 minutes to crack this; but that is not a fair assessment.

asdfasdfasd

Okay Gary54 you are the man, guess you and your little mac will never get attacked. O I guess that is because the market share is so low that knowone cares to write viruses for them.

As for the 2 minute idea lets look at another analogy. Lets take a football game. Do you think the team runs out on the field without a single game plan they run any play that they pick out of a hat and hope for the best? Of course not they pratice, look a film, identify those potential exploit spots. Then during the game (cough* contest) they run plays hoping to exploit those identified holes.

Now it took 2 minutes to hack the airbook using knowledge and knowhow of probably more than a week. But how long does it take to get infected from a website? A lot less then 2 minutes. The remaining time was taken up using the now exploited MacAirBook to take control of it.

Now I know if the same thing happend to a Windows machine you would not say shit other than guess you all should go by a Mac, or this would never happen to my Mac. And that is mostly true until Mac users actual hold any worth to that hacker…sad enough that wont be for a long long time, though you would agrue that is not true. Face it Mac users are worthless in the eyes of pure greed and that says a lot for people that buy over priced machines so they can look cool.

O well I said enough time to get back to real productive things on my non Mac and just to let you know another fact I have NEVER had a virus on any of my windows boxes nor do I spend even 0.1% of my time maintaining my boxes. But shit what do I know I am not a Mac user so I cant say I know anything.

Again Sheep FOLLOW and sorry to say that even though 95% OS's out there are windows only Mac users can be accuratly classified as followers of what Jobs things is the right thing (both hardware, software and ideals of technology). It is sad really.

Gary54

“we become to be a multi-billion dollar”

We?

Why Uncle Billy, I never would have guessed you trolled geek sites.

lmfao

yes… you got me. i'm bill gates… microsoft is the only multi billion dollar company in the world. You are so smart.

PunksNotDead

The point is not that it took two minutes to hack a mac. Its that it can be done and done fairly easliy. I'm not saying that macs are more vulnerable than windows I'm saying that the mac comunity needs to pull its collective head out of the sand and realize that macs can be hacked too.

insanex

Guys (and gals),

Come on. Flaming for the sake of argument is moot. Sure, there are fanboys of every variation. I read some lengthy comments on theregister the other day about this. Apple's OS is arguably more stable in some scenarios and more powerful in some applications than Linux or Windows. However, being that I use all 3 regularly, I think that rule applies to each OS. Windows does many things better than Mac (uh, games?) Heck, even Linux runs games like Countrer-Strike: Source with a bit of configuration. But games are not everything. I sure as hell don't make money playing games. But for things like system administration, Windows takes the cake for my network.

But I digress. All this pointless discussion about who is better than who based on the computer and software you use is just stupid. I know true Apple-heads can be very condescending to members of the 90+% crowd – I used to work for one. But when did personal preference become a standard for judging the value of one's intelligence over another's? So many ideaologies exist today, each with its own convincing arguments. The truth is that each OS has its strong point and being married to one over the other without considering the fact that it might have some flaws that other OSes don't have is missing the whole point of being in IT or design or whatever. You can't have such an open mind that your brains fall out so to speak, but I know in my job I have to be ready to change if something better comes down the pike. Or if something already is better, I need to be able to recognize that and not be blindly biased based on being tied to a specific user group or software just because I want to be part of the 'in' crowd. Come on people. New and better stuff is coming out all the time and you know 10+ years from now we'll all be talking about how much OS X 10.x sucked versus 12.0 or whatever. Fighting over this stuff is pointless.

insanex

axllaruse

Just to clarify the Crossover cable.

I can connect two computer with though a router or I can connect them with a crossover cable.

This don’t change the hacking at all. If this computer would be on the internet for example, where thousands of computer and server are connected. The attacker only need someone to go inside his website to do the attack.

The attacker could also reroute some user inside a intranet to the website.

Or another option is going around taking control of wireless routers, putting an small linux there and run a webserver, etc, etc, etc.

Being connected directly by crossover cable doesn’t change the hack at all. It not an “Special equipment”. It just that you need a hub or router if you use the regular cables.